RFI

Question 1

DREAD

Answer 1

Quantifying risk by threat

Question 2

Integrity protection encompasses…

Answer 2

more than just data. Also OS, apps, HW

Question 3

DREAD + STRIDE

Answer 3

Threat modeling techniques

Question 4

Categories of security investigations (3)

Answer 4

Public, Private, Individual

Question 5

Linux file system that supports journaling

Answer 5

EXT4

Question 6

Journaling file system consequence

Answer 6

Burns out hard drive easier

Question 7

Each process starts with…

Answer 7

Single threat that can create more threads

Question 8

A Windows job is…

Answer 8

A group of processes

Question 9

Is a Signature ID an artifact of IPS/IDS events?

Answer 9

Yes

Question 10

Netflow templates provide

Answer 10

backward compatibility on netflow supporting systems

Question 11

IPFIX uses which protocol

Answer 11

SCTP

Question 12

SILK, ELK, Graylog

Answer 12

Can be used for Netflow analysis

Question 13

Netflow cache types (3)

Answer 13

Normal, Immediate, permanent

Question 14

IPFIX based on which version of netflow

Answer 14

9

Question 15

Incident Prioritization part of which phase of IR process

Answer 15

Detection + Analysis

Question 16

Cisco ATA

Answer 16

MSSP

Question 17

PSIRT

Answer 17

Vendor CIRT

Question 18

E-PHI

Answer 18

Electronic PHI

Question 19

Deterministic analysis

Answer 19

You know and obtain facts about an incident

Question 20

Activity attack graph useful for…

Answer 20

Highlighting attackers preferences and alternative attack paths

Question 21

First step in a forensic exercise

Answer 21

Collect and secure evidence

Question 22

Syslog port

Answer 22

UDP 514

Question 23

VERIS stands for

Answer 23

Vocabulary for Event Recording and Information Sharing

Question 24

How many people should know about a cyber crime investigation?

Answer 24

As few people as possible

Question 25

Resident Data

Answer 25

Data for very small files stored in the MFT.

Question 26

Cisco Adaptive Security Device Manager (ASDM)

Answer 26

Rule based firewall management

Question 27

DNScapy and DNSCAT2

Answer 27

DNS tunneling tools

Question 28

Goal of security awareness program

Answer 28

Provide understanding of risk and exposure

Question 29

What systems must be scanned for PCI DSS compliance?

Answer 29

All systems on isolated PCI network.

Question 30

Journaling Filesystems

Answer 30

EXT3/EXT4

NTFS

Question 31

Identifying attacking hosts part of which IR phase?

Answer 31

Containment, Eradication, and Recovery

Question 32

CVSS Temporal score categories

Answer 32

Remediation Level
Report Confidence
Exploit Code Maturity

Question 33

PCI-DSS Compliance scan frequency

Answer 33

Quarterly

Question 34

Senderbase capabilities

Answer 34

Reputation of web/email servers
Threat ratings of known hosts
Sources sending malware

Question 35

Activity threads

Answer 35

Relationship between multiple diamonds in the Diamond Model

Question 36

BDA strategy

Answer 36

Part of kill chain. Strategy to defend Before, During, and After an attack.